21 matches found
EUVD-2021-11937
Malware in sbrugna...
CVE-2021-25024
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues...
CVE-2021-25025
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...
WordPress EventCalendar plugin cross-site scripting vulnerability
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress EventCalendar plugin prior to 1.1.15, which stems from t...
CVE-2021-25025
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...
CVE-2021-25025
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...
CVE-2021-25024
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues...
Cross site scripting
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues...
CVE-2021-25024 Event Calendar < 1.1.51 - Reflected Cross-Site Scripting
The EventCalendar WordPress plugin before 1.1.51 does not escape some user input before outputting it back in attributes, leading to Reflected Cross-SIte Scripting issues...
CVE-2021-25024
CVE-2021-25024 affects the WordPress EventCalendar plugin (pre-1.1.51). The vulnerability is a reflected cross-site scripting (XSS) issue caused by the plugin not escaping certain user input before outputting it into HTML attributes. Impact is reflected XSS, enabling an attacker to execute script...
WordPress plugin EventCalendar插件安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plug...
PT-2022-9582 · WordPress · Eventcalendar
Name of the Vulnerable Software and Affected Versions: EventCalendar WordPress plugin versions prior to 1.1.51 Description: The issue concerns a lack of proper authorization and CSRF checks in the add calendar event AJAX actions. This allows users with a role as low as subscriber to create events...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress EventCalendar plugin prior to 1.1.15, which stems from t...
CVE-2021-25025
CVE-2021-25025 affects the WordPress EventCalendar plugin before 1.1.51. The root cause is insufficient authorization and CSRF checks in the add_calendar_event AJAX actions, enabling a user with a role as low as subscriber to create events. Impact is unauthorized event creation without proper pri...
califa.evanced.info XSS vulnerability
Open Bug Bounty ID: OBB-625571 Description| Value ---|--- Affected Website:| califa.evanced.info Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
[CVE-2014-1607.] Cross Site Scripting(XSS) in Drupal Event calendar module
Advisory ID: hag2014101 Product: EventCalendar Vendor: Drupal Vulnerable Versions: Drupal 7.14 and probably newer version Tested Version: Drupal 7.14 Advisory Publication: January 23, 2014 Vendor Notification: November 20, 2013 Public Disclosure: January 23, 2014 Vulnerability Type: Cross-Site...
CVE-2014-1607
Cross-site scripting XSS vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE...
Cross site scripting
Cross-site scripting XSS vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE...
CVE-2014-1607
Cross-site scripting XSS vulnerability in the EventCalendar module for Drupal 7.14 allows remote attackers to inject arbitrary web script or HTML via the year parameter to eventcalander/. NOTE: this issue has been disputed by the Drupal Security Team; it may be site-specific. If so, then this CVE...
CVE-2014-1607
CVE-2014-1607 affects the Drupal EventCalendar module (Drupal 7.14) and is a Cross‑Site Scripting (XSS) vulnerability. The flaw lies in the year parameter of the eventcalander/ endpoint, enabling remote attackers to inject arbitrary web scripts or HTML. Public details confirm affected version(s) ...